Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Stack Trace Disclosure (Java)

Severity: Medium
Summary#

Invicti identified a stack trace disclosure (Java) in the target web server's HTTP response.

Impact#
An attacker can obtain information such as:
  • Tomcat version.
  • Physical file path of Tomcat files.
  • Information about the generated exception.
This information might help an attacker gain more information and potentially focus on the development of further attacks to the target system.
Remediation#
Apply the following configuration to your web.xml file to prevent information leakage by applying custom error pages.
<error-page>
    <error-code>500</error-code>
    <location>/server_error.html</location>
</error-page>
Classifications#
, , , , , , , ,
Invicti Security Insights

Select Category

OR

Search Vulnerability

Tags

OWASP 2013-A5 OWASP 2017-A6 stack trace java

Related Vulnerabilities

Related Articles

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works